DSA-2021-137: Dell Wyse Management Suite (WMS) Security Update for Multiple Vulnerabilities
Сводка: Dell Wyse Management Suite (WMS) contains remediation for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Влияние
High
Подробные сведения
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String | |
| CVE-2021-21586 | Dell Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user may exploit this vulnerability in order to read arbitrary files on the system. | 8.1 |
|
|
| CVE-2021-21587 | Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to obtain the path of files and folders. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String | |
| CVE-2021-21586 | Dell Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user may exploit this vulnerability in order to read arbitrary files on the system. | 8.1 |
|
|
| CVE-2021-21587 | Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to obtain the path of files and folders. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Затронутые продукты и исправление
| Product | Affected Versions | Updated Version | Link to Update |
| Dell Wyse Management Suite | Versions before version 3.3 | 3.3 | Dell Wyse Management Suite 3.3 |
| Product | Affected Versions | Updated Version | Link to Update |
| Dell Wyse Management Suite | Versions before version 3.3 | 3.3 | Dell Wyse Management Suite 3.3 |
Сведения об авторе и авторских правах
Dell Technologies would like to thank Stephen Tomkinson and David Cash of NCC Group for reporting this issue.
Связанная информация
Правовая оговорка
Затронутые продукты
Product Security Information, Wyse Management SuiteСвойства статьи
Номер статьи: 000189363
Тип статьи: Dell Security Advisory
Последнее изменение: 06 Jul 2021
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.